January 18, 2018
A North Korean-sponsored hacking group, Lazarus, has been actively trying to steal cryptocurrency from their South Korean neighbors in order to alleviate the pressure caused by internationally imposed sanctions.
A recent report has confirmed that government-sponsored North Korean hackers have been targeting South Korean exchange platforms and their users. According to the report, the hacking group, known as Lazarus, is using techniques similar to those previously observed in the notorious WannaCry hacking campaign as well as the hacking campaign launched against Sony Pictures.
The hacking group has already employed a wide variety of hacking techniques to target different groups of users. The cybersecurity company Recorded Future reported a specific hacking campaign in which the hacking group exploited a security vulnerability in the Korean word processing program, Hangul.
However, other organizations have also been targeted, specifically those involved in the cryptocurrency industry. Lazarus has targeted the cryptocurrency exchange, Coinlink, as well as a student-orientated group called Friends of the Ministry of Foreign Affairs.
So far, Lazarus has been found to be actively gaining access to Coinlink users’ login credentials using a technique known as spear phishing. Users are sent fraudulent emails which contain malicious attached documents. Once the document is opened, malware is installed and executed, which steals the victim’s login credentials.
Despite the reports, Coinlink maintains that they’ve experienced no attacks that originated from North Korea.
According to a Coinlink spokesperson, the company has contacted their server security provider and confirmed that there were no hacking attempts on their server. In addition, the spokesperson noted that so far no user login credentials have been compromised.
Lazarus attacks became more aggressive and frequent last year, as the value of bitcoin and other cryptocurrencies increased significantly. Experts believe that these attacks were likely launched in order to obtain cryptocurrency as a means of generating an income for the country, despite the crippling economic sanctions that have been imposed on it.
According to the director of strategic threat development from Recorded Future, Priscilla Moriuchi, these attacks are merely an extension of last year’s attacks, as North Korea scrambles to generate income to evade economic sanctions placed upon it by the international community.
Moriuchi added that the sanctions are impacting the regime under Kim Jong-un negatively, and the leader likely believes that cryptocurrency is the answer to the increasing financial pressure that the country is under due to the international economic sanctions.
The director stated that there is no concrete evidence to confirm how much cryptocurrency North Korean hackers have stolen so far, but she did mention that the hackers seem mostly interested in bitcoin and monero.
Interestingly, the techniques used bear certain similarities to earlier notorious hacking campaigns such as the WannaCry ransomware campaign as well as the Sony Pictures campaign in 2014.
Considering the increasing financial strain on North Korea, it seems unlikely that they will halt their cryptocurrency hacking campaigns in the foreseeable future. Just earlier this month, the cybersecurity firm AlienVault confirmed that it had discovered mining malware which uses a victim’s CPUs to covertly mine monero.